CVE-2023-49095

EUVD-2023-53105
nexkey is a microblogging platform. Insufficient validation of ActivityPub requests received in inbox could allow any user to impersonate another user in certain circumstances. This issue has been patched in version 12.122.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
GitHub_MCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
nexryainexkey
𝑥
< 12.122.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab
https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx
https://github.com/nexryai/nexkey/commit/b96da0eac5a1e75abba94cf926f1251842829bab
https://github.com/nexryai/nexkey/security/advisories/GHSA-fpxw-rw9v-2gmx